sys-apps/shadow/files/shadow-4.1.2.1+openpam.patch - mirrors/cros/chromiumos/overlays/chromiumos-overlay - Git at Google

 Index: shadow-4.1.2.1/configure.in
 ===================================================================
 --- shadow-4.1.2.1.orig/configure.in
 +++ shadow-4.1.2.1/configure.in
 @@ -339,13 +339,29 @@ if test "$with_libpam" != "no"; then
  		AC_MSG_ERROR(libpam not found)
  	fi

 -	AC_CHECK_LIB(pam_misc, main,
 -	             [pam_misc_lib="yes"], [pam_misc_lib="no"])
 -	if test "$pam_misc_lib$with_libpam" = "noyes" ; then
 -		AC_MSG_ERROR(libpam_misc not found)
 +	LIBPAM="-lpam"
 +	pam_conv_function="no"
 +
 +	AC_CHECK_LIB(pam, openpam_ttyconv,
 +		[pam_conv_function="openpam_ttyconv"],
 +		AC_CHECK_LIB(pam_misc, misc_conv,
 +			[pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
 +		)
 +
 +	if test "$pam_conv_function$with_libpam" = "noyes" ; then
 +		AC_MSG_ERROR(PAM conversation function not found)
  	fi

 -	if test "$pam_lib$pam_misc_lib" = "yesyes" ; then
 +	pam_headers_found=no
 +	AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
 +			 [ pam_headers_found=yes ; break ], [],
 +			 [ #include <security/pam_appl.h> ] )
 +        if test "$pam_headers_found$with_libpam" = "noyes" ; then
 +	                AC_MSG_ERROR(PAM headers not found)
 +        fi
 +
 +
 +	if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
  		with_libpam="yes"
  	else
  		with_libpam="no"
 @@ -353,9 +369,22 @@ if test "$with_libpam" != "no"; then
  fi
  dnl Now with_libpam is either yes or no
  if test "$with_libpam" = "yes"; then
 +	AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
 +		PAM_DELETE_CRED,
 +		PAM_NEW_AUTHTOK_REQD,
 +		PAM_DATA_SILENT],
 +		[], [], [#include <security/pam_appl.h>])
 +
 +
 +	save_libs=$LIBS
 +        LIBS="$LIBS $LIBPAM"
 +	AC_CHECK_FUNCS([pam_fail_delay])
 +	LIBS=$save_libs
 +
  	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
 +	AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
  	AM_CONDITIONAL(USE_PAM, [true])
 -	LIBPAM="-lpam -lpam_misc"
 +
  	AC_MSG_CHECKING(use login and su access checking if PAM not used)
  	AC_MSG_RESULT(no)
  else
 Index: shadow-4.1.2.1/lib/pam_defs.h
 ===================================================================
 --- shadow-4.1.2.1.orig/lib/pam_defs.h
 +++ shadow-4.1.2.1/lib/pam_defs.h
 @@ -28,24 +28,31 @@
   * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   */

 +#include <config.h>
  #include <security/pam_appl.h>
 -#include <security/pam_misc.h>
 +#ifdef HAVE_SECURITY_PAM_MISC_H
 +# include <security/pam_misc.h>
 +#endif
 +#ifdef HAVE_SECURITY_OPENPAM_H
 +# include <security/openpam.h>
 +#endif
 +

  static struct pam_conv conv = {
 -	misc_conv,
 +	SHADOW_PAM_CONVERSATION,
  	NULL
  };

  /* compatibility with different versions of Linux-PAM */
 -#ifndef PAM_ESTABLISH_CRED
 +#if !HAVE_DECL_PAM_ESTABLISH_CRED
  #define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH
  #endif
 -#ifndef PAM_DELETE_CRED
 +#if !HAVE_DECL_PAM_DELETE_CRED
  #define PAM_DELETE_CRED PAM_CRED_DELETE
  #endif
 -#ifndef PAM_NEW_AUTHTOK_REQD
 +#if !HAVE_DECL_PAM_NEW_AUTHTOK_REQD
  #define PAM_NEW_AUTHTOK_REQD PAM_AUTHTOKEN_REQD
  #endif
 -#ifndef PAM_DATA_SILENT
 +#if !HAVE_DECL_PAM_DATA_SILENT
  #define PAM_DATA_SILENT 0
  #endif
 Index: shadow-4.1.2.1/src/login.c
 ===================================================================
 --- shadow-4.1.2.1.orig/src/login.c
 +++ shadow-4.1.2.1/src/login.c
 @@ -644,9 +644,10 @@ int main (int argc, char **argv)
  			  failed = 0;

  			  failcount++;
 +#ifdef HAVE_PAM_FAIL_DELAY
  			  if (delay > 0)
  			    retcode = pam_fail_delay(pamh, 1000000*delay);
 -
 +#endif
  			  retcode = pam_authenticate (pamh, 0);

  			  pam_get_item (pamh, PAM_USER,
	Index: shadow-4.1.2.1/configure.in
	===================================================================
	--- shadow-4.1.2.1.orig/configure.in
	+++ shadow-4.1.2.1/configure.in
	@@ -339,13 +339,29 @@ if test "$with_libpam" != "no"; then
	AC_MSG_ERROR(libpam not found)
	fi

	- AC_CHECK_LIB(pam_misc, main,
	- [pam_misc_lib="yes"], [pam_misc_lib="no"])
	- if test "$pam_misc_lib$with_libpam" = "noyes" ; then
	- AC_MSG_ERROR(libpam_misc not found)
	+ LIBPAM="-lpam"
	+ pam_conv_function="no"
	+
	+ AC_CHECK_LIB(pam, openpam_ttyconv,
	+ [pam_conv_function="openpam_ttyconv"],
	+ AC_CHECK_LIB(pam_misc, misc_conv,
	+ [pam_conv_function="misc_conv"; LIBPAM="$LIBPAM -lpam_misc"])
	+ )
	+
	+ if test "$pam_conv_function$with_libpam" = "noyes" ; then
	+ AC_MSG_ERROR(PAM conversation function not found)
	fi

	- if test "$pam_lib$pam_misc_lib" = "yesyes" ; then
	+ pam_headers_found=no
	+ AC_CHECK_HEADERS( [security/openpam.h security/pam_misc.h],
	+ [ pam_headers_found=yes ; break ], [],
	+ [ #include <security/pam_appl.h> ] )
	+ if test "$pam_headers_found$with_libpam" = "noyes" ; then
	+ AC_MSG_ERROR(PAM headers not found)
	+ fi
	+
	+
	+ if test "$pam_lib$pam_headers_found" = "yesyes" -a "$pam_conv_function" != "no" ; then
	with_libpam="yes"
	else
	with_libpam="no"
	@@ -353,9 +369,22 @@ if test "$with_libpam" != "no"; then
	fi
	dnl Now with_libpam is either yes or no
	if test "$with_libpam" = "yes"; then
	+ AC_CHECK_DECLS([PAM_ESTABLISH_CRED,
	+ PAM_DELETE_CRED,
	+ PAM_NEW_AUTHTOK_REQD,
	+ PAM_DATA_SILENT],
	+ [], [], [#include <security/pam_appl.h>])
	+
	+
	+ save_libs=$LIBS
	+ LIBS="$LIBS $LIBPAM"
	+ AC_CHECK_FUNCS([pam_fail_delay])
	+ LIBS=$save_libs
	+
	AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
	+ AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
	AM_CONDITIONAL(USE_PAM, [true])
	- LIBPAM="-lpam -lpam_misc"
	+
	AC_MSG_CHECKING(use login and su access checking if PAM not used)
	AC_MSG_RESULT(no)
	else
	Index: shadow-4.1.2.1/lib/pam_defs.h
	===================================================================
	--- shadow-4.1.2.1.orig/lib/pam_defs.h
	+++ shadow-4.1.2.1/lib/pam_defs.h
	@@ -28,24 +28,31 @@
	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/

	+#include <config.h>
	#include <security/pam_appl.h>
	-#include <security/pam_misc.h>
	+#ifdef HAVE_SECURITY_PAM_MISC_H
	+# include <security/pam_misc.h>
	+#endif
	+#ifdef HAVE_SECURITY_OPENPAM_H
	+# include <security/openpam.h>
	+#endif
	+

	static struct pam_conv conv = {
	- misc_conv,
	+ SHADOW_PAM_CONVERSATION,
	NULL
	};

	/* compatibility with different versions of Linux-PAM */
	-#ifndef PAM_ESTABLISH_CRED
	+#if !HAVE_DECL_PAM_ESTABLISH_CRED
	#define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH
	#endif
	-#ifndef PAM_DELETE_CRED
	+#if !HAVE_DECL_PAM_DELETE_CRED
	#define PAM_DELETE_CRED PAM_CRED_DELETE
	#endif
	-#ifndef PAM_NEW_AUTHTOK_REQD
	+#if !HAVE_DECL_PAM_NEW_AUTHTOK_REQD
	#define PAM_NEW_AUTHTOK_REQD PAM_AUTHTOKEN_REQD
	#endif
	-#ifndef PAM_DATA_SILENT
	+#if !HAVE_DECL_PAM_DATA_SILENT
	#define PAM_DATA_SILENT 0
	#endif
	Index: shadow-4.1.2.1/src/login.c
	===================================================================
	--- shadow-4.1.2.1.orig/src/login.c
	+++ shadow-4.1.2.1/src/login.c
	@@ -644,9 +644,10 @@ int main (int argc, char **argv)
	failed = 0;

	failcount++;
	+#ifdef HAVE_PAM_FAIL_DELAY
	if (delay > 0)
	retcode = pam_fail_delay(pamh, 1000000*delay);
	-
	+#endif
	retcode = pam_authenticate (pamh, 0);

	pam_get_item (pamh, PAM_USER,